Security by Sector: Cyber-Attackers Targeting the Education System

Written by

The subject of how information security impacts different industry sectors is an intriguing one. For example, how does the finance industry fare in terms of information security compared to the education sector, or the entertainment business? Are there some sectors that face greater cyber-threats and risks than others? Do some do a better job of keeping data secure, and if so, how and why?

According to new research from Malwarebytes, the education system has become a highly sought after target sector for cyber-criminals.

In 2018, education was the top sector for Adware compromises, Trojan detections and second on the list of verticals most commonly hit with ransomware, Malwarebytes discovered.

In the first half of 2019, Adware (43%), Trojans (23%) and backdoors (3%) are the three largest categories of threats identified among education institutions’ devices.

Emotet, TrickBot and Trace were particularly active in education in Q1 of 2019, with the three representing nearly half of all Trojans detected (44%) and more than 11% of all compromises.

Speaking to Infosecurity, Wendy Zamora, editor and chief of content at Malwarebytes Labs, said: “Cyber-criminals are opportunistic: if they see an easy target ripe with sensitive data, they are going to take advantage. There are several key factors that combine to make schools easy and profitable targets.”

The first is that most institutions belonging to the education sector struggle with funding; therefore the majority of budget is deferred to core curriculum, she explained. “That means that not only is security often an afterthought, but technological infrastructure (which is expensive to update) is typically outdated and easily penetrated by cyber-criminals.”

The second is that schools collect and store valuable, sensitive data on their children and staff members, from health information to grades, Zamora continued. “That information is highly sought-after by threat actors, who can use it to hold schools for ransom or to sell for high profit margins on the black market (data belonging to children typically garners a higher price). Finally, with so many students connecting to the school network from personal and school-owned devices both on-premises and at home, there’s a larger and more open attack surface for criminals to infiltrate. In fact, students themselves often hack school software or run DDoS attacks so they can get out of work (or out of sheer boredom).

The education sector is clearly in need of better and more effective security, and it’s important for schools to make their case to the board for investment in technological infrastructure and cybersecurity solutions that combat threats which have historically targeted the education sector.

“IT directors should look for programs with dynamic, behavior-based detection criteria that shield networks and endpoints from ransomware, Trojans, and other active malware families – plus remediation capabilities to help clean up in the event of a breach," Zamora said. "Firewalls, email security, and encrypted data storage/backup systems provide additional coverage against phishing attacks, which is a common method for infiltration and breach of schools. In addition, developing a cybersecurity policy and incident response plan will help prepare schools in the event of a breach.”

However, funding and staff support aren’t always available to invest in and implement such plans, Zamora said. “Other options for improving security include launching awareness programs for employees and students to train on cybersecurity best practices, as well as segmenting networks to secure personal data away from curriculum.”

What’s hot on Infosecurity Magazine?